US20120110184A1 - Physical layer photonic protocol switch - Google Patents
- Publication number
- US20120110184A1
- Authority
- US
- United States
- Prior art keywords
- optical
- computing
- photonic
- topology
- protocol switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
- H04Q2011/0007—Construction
- H04Q2011/0009—Construction using wavelength filters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
- H04Q2011/0007—Construction
- H04Q2011/0015—Construction using splitting combining
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
- H04Q2011/0007—Construction
- H04Q2011/0016—Construction using wavelength multiplexing or demultiplexing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
- H04Q2011/0037—Operation
- H04Q2011/0039—Electrical control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Optical Communication System (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A physical layer photonic protocol switch (PLPPS) that is protocol independent and switches at the optical signal level. Computing subsystem resources are linked to the PLPPS and are grouped into one or more logical system topologies. If needed, additional computing subsystem resources can be allocated to the logical system topology, during runtime. The PLPPS provides the ability to dynamically allocate computing subsystem resources to specific computing enclaves. The PLPPS manages the configuration of and controls access to the computing subsystem resources. Computing resources can then be assigned to specific logical system topologies and additional computing subsystem resources are able to be shared, added or removed, from other logical system topologies, as needs fluctuate. This physical layer switch architecture creates a dynamic computing infrastructure allowing for the sharing of a single computing subsystem resource amongst two or more logical system topologies.
Description
- The disclosure relates to a physical layer photonic protocol switch (PLPPS) that is protocol independent and switches at the optical signal level.
- A physical network is a system of devices or resources that communicate via cabling, modems, routers, or other hardware. The resources are physically connected to a computing infrastructure to form a logical system topology and are managed independently of any other logical system topology with a distinct separation of responsibilities, different security levels and different rules in each topology. Each logical system topology is seen as a private area where information is not openly shared with other topologies and is isolated from other topologies. Each logical system topology can be seen as having its own security classification that may be different than the security classification of any other logical system topology. In order to share or reassign computing subsystem resources between logical system topologies, the subsystem resources must be manually unplugged from a network switch of a first logical system topology and then manually plugged into a network switch of a second logical system topology.
- In a typical scenario of secure interconnect capability, as shown in FIG. 1A, some physical networks may include, for example, more than one logical system topology (LST) or enclave or form part of an extended network which incorporates one or more LST's, whose network switches are linked to each other through a guard or firewall. The guard is in place to control the protocol rules, to filter certain traffic between the systems, and to prevent secure information from being shared between the LST's. For example, in an office system, the human resources department and the accounting department share the same extended network which contains general computing functions, but each department has its own logical system topology that is isolated from other logical system topologies. Therefore, the accounting department does not have access to the human resource logical system topology which contains personal information regarding the employees. Additionally, the processors in the human resources department are not available for the accounting department's use and are not able to be reassigned to the accounting department without manually unplugging and moving the processors.
- As illustrated in FIG. 1B, in order to provide additional processing capabilities to LST #1, Processor 4 is manually unplugged from the switch of LST #2 and is then manually plugged into the switch of LST #1. This limits the use of Processor 4 to one LST at a time.
- Therefore, without manual reconfiguration and sanitization of the equipment, the mission system equipment or subsystem resources cannot be shared between multiple security classification levels. For example, if users of two separate security classifications require the use of a processor, then two separate processors would normally need to be provided.
- A physical layer photonic protocol switch (PLPPS) that is protocol independent and switches at the optical signal level is described herein. Computing subsystem resources are connected to the PLPPS and are able to be allocated or shared with one or more logical system topologies (LST) or enclaves of differing security levels. Embedded within the PLPPS is a configuration policy manager and controller having a topology policy library that contains the approved or accredited list of logical system topologies permitted access to the system. During runtime additional computing subsystem resources can be allocated to a specific logical system topology or shared amongst a plurality of logical system topologies, when needed.
- The PLPPS provides the ability to dynamically allocate computing subsystem resources to specific computing enclaves or logical system topologies without the need to manually reconfigure the connection to the PLPPS. The PLPPS manages the configuration of and controls access to the computing subsystem resources. Computing subsystem resources can then be assigned to specific logical system topologies and additional computing subsystem resources are able to be shared, added or removed, from other logical system topologies, as needs fluctuate. This physical layer switch architecture creates a dynamic computing infrastructure allowing for the sharing of a single computing subsystem resource amongst two or more logical system topologies of differing security classification levels while performing high-speed data manipulation, all while maintaining channel separation and security separation.
- The PLPPS is a dynamic computing system that is advantageous in that allocation of computing subsystem resources is done without the physical or manual manipulation of the computing subsystem resources. This architecture driven allocation is less time consuming than the physical act of unplugging and plugging in a computing subsystem resource or a user inputting data. Another advantage is that more processes are able to be run with fewer separate subsystem resources. Additionally, the space or footprint required to house the various subsystem resources is reduced. The reduced footprint also is helpful in supporting multiple missions from limited space environments.
- The PLPPS can also provide a secure computing environment where the separation of data between different security classifications is essential. In a military environment, this allows for the sharing of mission system equipment across multiple security sensitivity levels and enables a reduction in size, weight and power (SWaP) of embedded mission system equipment applications. Different security enclaves can be created without additional hardware resources and under-utilized subsystem resources can be reassigned to other security enclaves.
- Applications of a PLPPS include public and private entities. Example applications of a PLPPS include, but are not limited to: space constrained systems, where subsystem resources need to be shared amongst several software applications; applications which require subsystem resources to be reconfigured or redistributed during the mission; distributed computing systems; and ad hoc computing systems. Users can comprise commercial or public enterprises, for example, businesses involved in processing of payroll, insurance companies, banks, accounting firms, private security, police and fire departments, Department of Defense, and the military. In essence, users of a dynamic computing system could comprise any entity that may require more than one user system, especially where the user systems are of different security levels.
- One advantage of the dynamic nature of the PLPPS infrastructure allows for better subsystem resource sharing. In space constrained systems, such as a Navy surface ship or submarine, subsystem resources may need to be shared amongst several software applications during the mission, but the information contained within those subsystem resources is not to be shared. The PLPPS ensures that the information remains separated by providing both a strong port-to-port separation and an ability to securely block specific ports from receiving unauthorized information flows through the protocol switch.
- An additional advantage of the PLPPS dynamic enclave computing system allows for switching at a physical layer of a network stack, which is protocol independent. Currently, most computing infrastructures in Department of Defense (DoD) platforms are fixed to the underlying local area network (LAN). Therefore, with the PLPPS, the potential is higher to get security certified for DoD platform applications than applications that require commercial-off-the-shelf (COTS) virtual local area networks (VLAN) or COTS VLAN.
- FIG. 1A illustrates a typical scenario of computing architecture containing a guard between logical system topologies or security enclaves.
- FIG. 1B illustrates a typical scenario of computing architecture containing a guard between logical system topologies or security enclaves and the manual reconfiguration or the reassignment of a processor.
- FIG. 2 illustrates the new computing architecture approach using the PLPPS system.
- FIG. 3A is a diagram of a prior art MEMS device.
- FIG. 3B is an illustration of a prior art MEMS device with a micro-mirror array.
- FIG. 3C is an illustration of a prior art MEMS device with piezoelectric beam steering.
- FIG. 4 illustrates a PLPPS system.
- FIG. 5 illustrates the configuration policy manager and controller (CPMC) and the CPMC function modules.
- FIG. 6 illustrates exemplary logical system topologies and a PLPPS system.
- A physical layer photonic protocol switch (PLPPS) system that is protocol independent and switches at the optical signal level is described herein. Computing subsystem resources are connected to the PLPPS and are able to be allocated or shared amongst one or more logical system topologies while maintaining the separation amongst channels and security levels. Embedded within the PLPPS is a configuration policy manager and controller having a topology library that contains the approved or accredited list of logical system topologies permitted access to the PLPPS and the security classification. If needed, additional computing subsystem resources can be allocated to the logical system topology, during runtime.
- The PLPPS is configured to dynamically allocate computing subsystem resources to specific computing enclaves or logical system topologies. The PLPPS is configured to manage the configuration of and control access to the computing subsystem resources. Computing subsystem resources can then be assigned to specific logical system topologies and additional computing subsystem resources are able to be shared, added or removed, from other logical system topologies, as needs fluctuate. The physical layer switch architecture of the PLPPS creates a dynamic computing infrastructure further allowing for the sharing of a single computing subsystem resource amongst two or more logical system topologies while performing high-speed data manipulation. The physical layer switch architecture separates the different channels and allows some channels to flow while blocking others.
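The allocation and allow/block behaviour described above can be modelled as a default-deny policy compiler. This is an added example, not code from the patent: the one-wavelength-per-topology mapping, the class names, resource names, port numbers, wavelengths and classification labels are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Topology:
    """One accredited logical system topology (all values here are constructed)."""
    name: str
    classification: str      # label only; separation is enforced per wavelength
    wavelength_nm: float     # assumption: one WDM channel per topology
    resources: frozenset     # subsystem resources the topology may use


@dataclass
class CPMC:
    """Hypothetical model of the configuration policy manager and controller."""
    library: dict            # topology name -> Topology (the policy library)
    port_of: dict            # subsystem resource -> PLPPS port number
    grants: set = field(default_factory=set)      # (topology, resource) pairs
    audit_log: list = field(default_factory=list)

    def _audit(self, event, topology, resource, reason=""):
        self.audit_log.append((event, topology, resource, reason))

    def request(self, topology, resource):
        """Grant a resource only if the policy library accredits the pairing."""
        entry = self.library.get(topology)
        if entry is None:
            reason = "topology not in policy library"
        elif resource not in entry.resources:
            reason = "resource not accredited for topology"
        elif resource not in self.port_of:
            reason = "resource not connected to a port"
        else:
            self.grants.add((topology, resource))
            self._audit("GRANT", topology, resource)
            return True
        self._audit("DENY", topology, resource, reason)
        return False

    def release(self, topology, resource):
        """Return a resource; its port stops passing the topology's wavelength."""
        if (topology, resource) in self.grants:
            self.grants.discard((topology, resource))
            self._audit("RELEASE", topology, resource)

    def blocker_config(self):
        """Per-port wavelengths to pass; anything not listed is blocked."""
        config = {port: set() for port in self.port_of.values()}
        for topology, resource in self.grants:
            config[self.port_of[resource]].add(self.library[topology].wavelength_nm)
        return config

    def verify(self, observed):
        """List (port, wavelength) pairs a blocker passes without a grant."""
        expected = self.blocker_config()
        return sorted(
            (port, wl)
            for port, passed in observed.items()
            for wl in passed
            if wl not in expected.get(port, set())
        )


def build_example():
    """Constructed scenario: two topologies sharing processor-2."""
    library = {
        "surveillance": Topology("surveillance", "HIGH", 1550.12,
                                 frozenset({"processor-1", "processor-2", "radar"})),
        "comms-relay": Topology("comms-relay", "LOW", 1551.72,
                                frozenset({"processor-2", "radio"})),
    }
    cpmc = CPMC(library, {"processor-1": 1, "processor-2": 2, "radar": 3, "radio": 4})
    for topology, resource in [
        ("surveillance", "processor-1"), ("surveillance", "processor-2"),
        ("surveillance", "radar"), ("comms-relay", "processor-2"),
        ("comms-relay", "radio"),
        ("comms-relay", "radar"),        # denied: not accredited for this topology
        ("maintenance", "processor-1"),  # denied: topology not in the library
    ]:
        cpmc.request(topology, resource)
    return cpmc


if __name__ == "__main__":
    cpmc = build_example()
    config = cpmc.blocker_config()
    for port in sorted(config):
        print(f"port {port}: pass {sorted(config[port])} nm, block all else")
    # Simulated drift: port 3 (radar) also passes the comms-relay channel.
    drifted = {port: set(passed) for port, passed in config.items()}
    drifted[3].add(1551.72)
    print("unauthorized:", cpmc.verify(drifted))
    for event in cpmc.audit_log:
        print(event)
```

Comparing the blocker state read back from hardware against `blocker_config()` is the check that catches a port passing a channel no accredited grant explains.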
- This application refers to a computing system and is intended to broadly cover the class of hardware architectures and software used for computing. Computing can mean the activity of using computer technology, whether it is computer hardware and/or software. For example, the computing system can comprise some form of network, regardless of whether that network is printed onto a circuit board or made up of linked devices and cables. And the computing system processes are able to be interconnected via some form of communication system, comprising equipment or cabling. However, this application is also intended to encompass computer hardware architecture and software that does not perform mathematical and logical operations.
- Computing is also intended to encompass activities requiring or benefiting from computers. Thus, computing encompasses hardware and software systems for the purposes of, for example, processing, structuring, and managing various kinds of information, doing scientific studies using computers, making computer systems behave intelligently, creating and using communications and entertainment media, finding and gathering information relevant to any particular purpose, capturing data from sensors, e.g. an Ethernet-enabled camera, and so on.
- With reference to FIG. 2, a PLPPS system 10 is illustrated as implementing at least one protocol processor 16, at least one optical blocker 42, a configuration policy manager and controller (CPMC) 14, and at least one or, for example, a plurality of computing subsystem resources 18 in communication with the PLPPS 12. The CPMC 14 has a topology library containing the approved or accredited list of logical system topologies 20 that may access the system to include the security classifications. Logical system topology 20 data is thus downloaded or transferred to the CPMC 14 to generate the topology library. The computing subsystem resources can include, but are not limited to, processors, guards, Ethernet switches, etc. The protocol processor 16 can be configured to allocate at least one of the computing subsystem resources 18 so that a requesting logical system topology 20 has access to the computing subsystem resource 18.
- The PLPPS system 10 is based on a conventional optical wavelength division multiplexing (WDM) star/coupler architecture. Thus, for networks that support multi-enclave information, the PLPPS system 10 implementation provides a secure network that protects each logical system topology 20 by providing a strong port-to-port separation and an ability to securely block specific ports from receiving unauthorized information flows. The PLPPS system 10 creates a plane of trust 52 (see FIG. 4) that is well controlled.
- It is to be understood that even though the PLPPS 12 is described herein as being optical based, it is possible that a non-optical system or electronic patch panel can be used that could perform high-speed data manipulation and assign and share subsystem resources 18 as described herein.
- The PLPPS system 10 differs from current optical switches on the market, e.g. micro-electro-mechanical systems (MEMS), as illustrated in FIGS. 3A to 3C. A MEMS device 100 is an optical switch. An optical signal is received at an input port 110 and is directed to an output port 120. The MEMS device 100 allows for reconfiguration so that the output port 120 can be changed depending on network needs. The topology of the MEMS device 100 is simply point-to-point communication and does not allow for a broadcast topology as in the PLPPS system 10. In addition, the optical signal 130 that is input to the MEMS device 100 is the same signal that is output. This differs from the PLPPS system 10 where the optical signal wavelengths are configured so that they are separated and some are allowed to flow while others are blocked.
- FIG. 3A is a system diagram of the MEMS device 100. The input ports 110 can be connected to electro-optic converters 140 which are in turn connected to a reconfigurable MEMS switch 150. The optical signal is input to the MEMS switch 150 and is output to an optic-electro converter 160 and exits the MEMS device 100 at the output port 120. The MEMS switch 150 is controlled by a switch manager 170 that processes requests from nodes and issues commands to switch the path of the optical signal.
- FIG. 3B highlights the technology of the MEMS device 100 with a micro-mirror array and its operational aspects. Input passive collimators 180 direct the optical signal 130 to a mirror array 190 which redirects the optical signal 130 to output passive collimators 185. Adjustment of the mirror arrays 190 performs switching or optical blocking. It is to be noted that the optical signal 130 is not altered, only redirected or blocked in its entirety.
- FIG. 3C highlights the technology of a MEMS device 100 with piezoelectric beam steering and its operational aspects. Input passive collimators 180 direct the optical signal 130 directly to output passive collimators 185. It is to be noted that the optical signal 130 is not altered, only redirected or blocked in its entirety.
- One embodiment of a PLPPS system 10 is shown in more detail in FIG. 4. This embodiment includes a PLPPS 12, a CPMC 14, a plurality of the protocol processors 16, ports 40, optical blockers 42, optical transmitters 44, optical receivers 46, filters 48, demultiplexers 50 and a passive optical star (POS) 52. As part of the PLPPS system 10, components can include, but are not limited to, computing subsystem resources 18 and logical system topologies 20. It is to be understood that the PLPPS system 10 can include one or any number of the components as shown and that the configuration can be altered as required.
- The CPMC 14 is connected to the optical blockers 42 (the connection is not shown in FIG. 4). Logical system topologies 20 are downloaded to the CPMC 14 by transference of data via, for example, a wireless, wired, or data storage device. This does not limit the transference of data by the examples given. Data can be transferred using any known or yet to be known method of data transfer. Computing subsystem resources 18 are connected to the PLPPS 12 through the ports 40.
- The CPMC 14 is a computing device that manages the policies of the logical system topologies 20 and controls and manages the functional elements of the PLPPS 12. The CPMC 14 manages the configuration of the optical signal and gives permissions to allow certain wavelengths while blocking other wavelengths. The CPMC 14 is responsible for managing and controlling the optical blocker 42, thereby effectively controlling and managing the configuration of the subsystem resources 18. As shown in FIG. 5, the functional elements of the CPMC 14 can include, but are not limited to, a topology policy library module 22, a failover control module 24, a diagnostics module 26, an external management and control interface 28, an audit function module 30, a control module for the internal optics transmit function 32, and a control module for the internal optics receive function 34. The modules can be implemented either by hardware or by software. The communication framework of the modules could be protocol and software language independent.
- The topology policy library 22 is an information library based on data structures that have been loaded. The data structures contain the approved or accredited collection of logical system topologies 20 that the PLPPS 12 can support and the logical system topologies 20 that are permitted to access the PLPPS 12 and access and use the subsystem resources 18. The topology policy library 22 determines the connectivity, through the optical blocker 42, between the various subsystem resources 18 and the PLPPS 12 by providing information to the optical blocker 42 on which optical wavelengths or signals to allow or block. This is accomplished while maintaining the proper security classification levels, maintaining the plane of trust 52 and preventing the cross-over of information between the logical system topologies 20 of differing security classification levels. The topology policy library 22 can only be accessed and modified by users with the proper credentials and password access, but can be modified while in use, if needed.
- The failover control module 24 controls the reconfiguration of the system in the event of a system failure. The diagnostics module 26 performs the power up and runtime Built-In-Test. The external management and control interface module 28 can be browser based. The interface module 28 can be an external interface consisting of COTS protocol, e.g. a port and an Ethernet switch. The audit module 30 collects and records all security critical events.
- Allowance or blockage of the various wavelengths is accomplished through the control modules for the internal optics transmit and receive functions.
- The CPMC 14 is linked to the optical blocker 42 via a wired connection or a wireless connection. The wired connection may include, for example, fiber optic, coaxial, or twisted pair structured cabling. The wireless connection may include, for example, infrared radiation, microwave, or radio waves through a medium like air and may include, for example, narrowband, broadband, or circuit/packet data. However, any type of connection to link the optical blocker 42 and the CPMC 14 so that they can communicate can be used.
- One or more protocol processors 16 are provided. The protocol processor 16 is an electronic device that makes it possible to interconnect the various subsystem resources 18 to specific transmission paths based on input from the CPMC 14. The protocol processor 16 provides Layer 2 and higher protocol switch and protocol functions including MAC protocol, discovery protocol, packet switching/routing, etc. The protocol processor 16 adds an abstraction layer between the cable plant and the computing resources and provides the electrical interface to the optical transmitters 44 and receivers 46.
- One or more ports 40 are provided on the PLPPS 12. The ports 40 allow the computing subsystem resources 18 to connect to the PLPPS 12 in order to transmit and receive data to and from the PLPPS 12. The port 40 can be a wired or a wireless connection. The wireless connection can be radio frequency, infrared light, laser light, visible light, acoustic energy or any other means available to transfer information without the use of wires. The wired connection can include RS-232, USB, Category 5 Ethernet cable, or any other type of connection that physically connects the computing subsystem resources 18 to the PLPPS 12 and is able to transmit information.
- One or more optical blockers 42 are provided. The optical blockers 42 implement the logical system topology 20 configuration policy by configuring which wavelengths to allow and which wavelengths to block. The optical blocker 42 is protocol independent and does not inspect incoming traffic or make routing decisions. The optical blocker 42 is controlled by and instructed by the CPMC 14 as to which wavelengths are to be transmitted and which wavelengths are to be blocked.
- One or more optical transmitters 44 and receivers 46 are provided. An optical transmitter 44 and receiver 46 uses fiber optic technology to efficiently send and receive data, respectively, audio, and video at high speed data rates over with minimal signal skew. Transmitters 44 convert electrical signals into optical signals and receivers 46 convert optical signals into electrical signals.
- One or more optical filters 48 are provided. Optical filters 48 are designed to pass specific wavelengths and reject others. The optical filters 48 can be either low-pass or high-pass filters but are most likely band-pass filters. A low-pass fiber optic filter allows only shorter wavelengths of light to pass through the filter 48, while a high-pass fiber optic filter allows only the longer wavelengths to pass through. A band-pass optical filter allows only a narrow range of wavelengths to pass through. Fiber optic filters 48 can be fine-tuned to select very narrow wavelength ranges.
- One or more demultiplexers 50 are provided. A demultiplexer 50 receives multiple signals that have been transmitted on one line and then decodes these single line signals into separate multiple signals. The demultiplexer 50 is able to transmit the individual data signals from multiple logical system topologies 20 simultaneously over one communications medium while maintaining separation and security of the data. The demultiplexer 50 supports the implementation of the logical system topology 20 configuration policy by separating the different channels for the optical blockers 42.
- The passive optical star (POS) 52 is a passive platform for implementing the optical network by providing broadcast capability. Through Wavelength Division Multiplexing (WDM), a large bandwidth of optical fiber can be divided into a set of high-speed logical channels. One wavelength can be provided to the POS 52 and multiple wavelengths can be distributed. All WDM wavelengths are combined on the POS 52.
- The computing subsystem resources 18 comprise any component that can be attached to a computing network including, but not limited to, processors, external communication devices, internal communication devices, storage devices, down graders, sensors, displays, network switches, guards, printers, servers, scanners, voice over IP systems, workstations, personal computers, etc. The subsystem resources 18 are linked to the PLPPS 12 via a wired connection or a wireless connection via a port 40. The wired connection may include, for example, fiber optic, coaxial, or twisted pair structured cabling. The wireless connection may include, for example, infrared radiation, microwave, or radio waves through a medium like air and may include, for example, narrowband, broadband, or circuit/packet data. However, any type of connection to link the PLPPS 12 and the subsystem resources 18 so that they can communicate can be used.
- For example, one type of subsystem resource 18 can be a processor. A processor is an electronic circuit that can execute computer programs and is made for one or many purposes. This includes, but is not limited to, central processing units (CPU) and microprocessors. There can be any number or no processors in the PLPPS system 10.
- Another type of subsystem resource 18 can be a storage device. A storage device is any device for recording or storing information or data. A storage device may hold information, process information, or both. Storage devices include, but are not limited to, random access memory (RAM), optical disks, floppy disks, USB flash drives, hard disk drives, magnetic tape, film, punch cards, and video tapes. There can be any number or no storage devices in the PLPPS system 10.
- Another type of subsystem resource 18 can be a communication device. A communication device can be on- or off-platform or external/internal. The communication device can be, for example, wide-band, satellite communications, radio communications, or a terminal. There can be any number or no communication devices in the PLPPS system 10.
- Another type of subsystem resource 18 can be a sensor. The sensor can be, but is not limited to, a camera, surveillance radar, electronic support measures (ESM), identify friend or foe (IFF) or automatic identification system (AIS). There can be any number or no sensors in the PLPPS system 10.
- Each type of subsystem resource 18 could be comprised of a plurality of that type of resource or a combination of any type of subsystem resource 18. However, each type of subsystem resource 18 could be none or any number of subsystem resources 18.
- A logical system topology 20 may be isolated, maintained separate, or private, from other logical system topologies 20 and may be allocated to perform specific processing activities or be allocated to specific computing groups. For example, one logical system topology 20 can be a surveillance data distribution topology while a separate topology can be a communications relay.
- A logical system topology's 20 information may be kept private and not shared with other logical system topologies 20. Another example may allow for sharing of information, in whole or in part, between logical system topologies 20. Additionally, a
logical system topology 20 may be configured as asubsystem resource 18 and allocated to a separatelogical system topology 20. - The
logical system topologies 20 data is downloaded or transferred to theCPMC 14topology library 22. The transfer of data can be accomplished by a wired connection, a wireless connection, via a data storage device, e.g., a thumb drive, hard drive, magnetic tape, optical disk, or by any known or yet to be known method of data transfer. The wired connection may include, for example, fiber optic, coaxial, or twisted pair structured cabling. The wireless connection may include, for example, infrared radiation, microwave, or radio waves through a medium like air and may include, for example, narrowband, broadband, or circuit/packet data. - In the
PLPPS system 10, alogical system topology 20 can acquireadditional resources 18. TheCPMC 14 sends messages using application software to instruct theoptical blocker 42 to allocatesubsystem resources 18 to specific logical system topologies 20. TheCPMC 14 has knowledge, by function modules, of allsubsystem resources 18, where eachsubsystem resource 18 is allocated and whether thesubsystem resource 18 is in use or is available or can be shared. TheCPMC 14 is able to allocate thesubsystem resources 18 to specificlogical system topologies 20 and is able to add or reducesubsystem resources 18 to thelogical system topologies 20 as needed by instructing theoptical blocker 42 to configure wavelengths to allow or block specific channels. - An example of how a
subsystem resource 18 is assigned to a specificlogical system topology 20 in thePLPPS system 10 follows and is illustrated inFIG. 6 . The physical configuration of thePLPPS system 10 comprises thePLPPS switch 12 with at least oneprotocol processor 16, at least oneoptical blocker 42 and thetopology library 14. Computing subsystem resources connected to thePLPPS 12 can include, as in this example,processors 202,storage 204, adown grader 206,wide band communications 208, a UHF/VHF radio 210, aCDL terminal 212, anNBSC terminal 214, and sensors, including an electro-opticinfrared camera 216,surveillance radar 218, electronic counter measures (ESM) 220, and an automatic identification system (AIS) 222. - Shown in
FIG. 6 are two logical system topologies 20. Any number oflogical system topologies 20 can be provided and thelogical system topologies 20 can be comprised of any number of components to perform the same or different functions. One example of alogical system topology 20 is a surveillance data distribution capability withtheater topology 20 a used in a military setting in which thetheater 224 comprises asurveillance spot 226, and any number ofmilitary radios 228. Thetheater 224 is in communication with an Unmanned Aerial System (UAS)Infrastructure Topology 230 where theUAS Infrastructure Topology 230 comprises aprocessor 232, anEthernet switch 234, adown grader 236, an electro-opticinfrared camera 238, and any number ofmilitary radios 228. - The second
logical system topology 20 is a communications relay capability withintheater topology 20 b used in a military setting in which thetheater 224 comprises any number ofmilitary radios 228. Thetheater 224 is in communication with an Unmanned Aerial System (UAS)Infrastructure Topology 230 where theUAS Infrastructure Topololgy 230 consists of anEthernet switch 234, adown grader 236, and any number ofmilitary radios 228. - The
logical system topology 20, for example, the surveillancedata distribution topology 20 a, is in contact with thePLPPS system 10 via thetopology library 22. As thelogical system topology 20 a collects and processes data, it is realized by thetopology 20 a that additional processing capability is required. A request is sent from thelogical system topology 20 a to theCPMC 14 requesting aprocessor 202. TheCPMC 14 receives the request and determines, per its approved list as to whether the specificlogical system topology 20 a is permitted access to the system and aprocessor 202. - Upon verification of accessibility, the
optical blocker 42 is instructed by theCPMC 14 to the unblock state to allocate aprocessor 202 to the requestinglogical system topology 20 a. A network path is then established so that thelogical system topology 20 a has access to theprocessor 202. Upon completion of the task, when thelogical system topology 20 a no longer has a need for the additional processing capability, theCPMC 14 closes theoptical blocker 42 and theprocessor 202 is no longer available to thelogical system topology 20 a but is available to and can be reassigned to otherlogical system topologies 20 as needed. The allocation of thesubsystem resources 18 are platform and mission dependent so that in some operations thesubsystem resources 18 will require sanitization and in other operations no sanitization is required. For example, if theprocessor 202 is provided to alogical system topology 20 up in security level from its previous assignment, no sanitization may be necessary. But, if theprocessor 202 is provided to alogical system topology 20 down in security level, sanitization may be necessary. - The examples disclosed in this application are to be considered in all respects as illustrative and not limitative. The scope of the invention is indicated by the appended claims rather than by the foregoing description; and all changes which come within the meaning and range of equivalency of the claims are intended to be embraced therein.
Claims (15)
1. A physical layer protocol switch, comprising:
at least one optical blocker;
at least one protocol processor; and
a configuration policy manager and controller connected to the optical blocker that manages and controls the optical blocker, the configuration policy manager and controller has a topology library containing a list of approved topologies.
2. The physical layer protocol switch of claim 1, wherein the physical layer protocol switch is configured to switch at an optical signal level.
3. The physical layer protocol switch of claim 2, further comprising a port, at least one optical transmitter and at least one optical receiver connected to the protocol processor, the optical blockers connected to the at least one optical transmitter and to the at least one optical receiver, an optical filter connected to the optical blocker of the optical transmitter, a demultiplexer connected to the optical blockers of the optical receivers, and a passive optical star connected to the optical filter and to the demultiplexer.
4. The physical layer protocol switch of claim 2, wherein at least one of the topologies is a computing logical system topology that allocates computing subsystem resources.
5. The physical layer protocol switch of claim 2, wherein the configuration policy manager and controller includes a plurality of function modules, the function modules comprise a topology policy library module containing the topology library, a failover control module, a diagnostics module, an external management and control interface module, an audit function module, an optical transmit function control module, and an optical receive function control module.
6. A photonic protocol switch system, comprising:
a photonic protocol switch;
a plurality of computing subsystem resources linked to the photonic protocol switch; and
the photonic protocol switch includes a configuration policy manager and controller connected thereto that manages and controls the photonic protocol switch, the configuration policy manager and controller has a topology library having a database containing a list of approved computing subsystem resource topologies.
7. The photonic protocol switch system of claim 6, wherein the photonic protocol switch comprises a port, a protocol processor connected to the port, at least one optical transmitter and a plurality of optical receivers connected to the distributed Ethernet switch, optical blockers connected to the optical transmitter and to the optical receivers, an optical filter connected to the optical blocker of the optical transmitter, a demultiplexer connected to the optical blockers of the optical receivers, and a passive optical star connected to the optical filter and to the demultiplexer.
8. The photonic protocol switch system of claim 6, wherein the configuration policy manager and controller includes a plurality of function modules, the function modules comprise a topology policy library module containing the topology library, a failover control module, a diagnostics module, an external management and control interface module, an audit function module, an optical transmit function control module, and an optical receive function control module.
9. The photonic protocol switch system of claim 6, wherein the computing subsystem resources comprise at least two of the following: sensors, communications devices, down graders, processors, storage devices, printers, displays, network switches, servers, workstations, scanners, personal computers, and/or voice over IP systems and guards.
10. The photonic protocol switch system of claim 6, wherein the computing subsystem resources are connected to the photonic protocol switch by a wired connection or a wireless connection.
11. A method comprising:
configuring a system that includes a physical layer photonic protocol switch and a plurality of computing subsystem resources connected to the physical layer photonic protocol switch, and a configuration policy manager and controller, having a topology library with a plurality of computing logical system topologies, that is connected to the physical layer photonic protocol switch; and
configuring the configuration policy manager and controller to control and manage allocation of at least one of the computing subsystem resources to a requesting computing logical system topology via the physical layer photonic protocol switch.
12. The method of claim 11, further comprising configuring the configuration policy manager and controller to check the availability of the computing subsystem resources for possible allocation.
13. The method of claim 11, wherein each computing logical system topology includes a plurality of the computing subsystem resources wherein when one of the computing logical system topologies is selected, the corresponding plurality of computing subsystem resources are allocated to the selected computing logical system topology.
14. The method of claim 11, wherein the computing subsystem resources comprise at least two of the following: sensors, communications devices, down graders, processors, storage devices, printers, displays, network switches, servers, workstations, scanners, personal computers, and/or voice over IP systems and guards.
15. The method of claim 11, wherein the computing subsystem resources are connected to the physical layer photonic protocol switch by a wired connection or a wireless connection.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/915,505 US20120110184A1 (en) | 2010-10-29 | 2010-10-29 | Physical layer photonic protocol switch |
PCT/US2011/057989 WO2012058370A1 (en) | 2010-10-29 | 2011-10-27 | Physical layer photonic protocol switch |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120110184A1 (en) | 2012-05-03 |
Family
ID=45002120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/915,505 Abandoned US20120110184A1 (en) | 2010-10-29 | 2010-10-29 | Physical layer photonic protocol switch |
Country Status (2)
Country | Link |
---|---|
US (1) | US20120110184A1 (en) |
WO (1) | WO2012058370A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2012058370A1 (en) | 2012-05-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: LOCKHEED MARTIN CORPORATION, MARYLAND. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: UHLHORN, BRIAN L.; SCHANTZ, HOWARD J.; REEL/FRAME: 025219/0459. Effective date: 20101027 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |